The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Software
engineering organizations now are in an environment that is more
uncertain—due in large part to the increasingly distributed nature of
software development.

How well those organizations navigate through this environment will
determine their success or failure, and effective navigation requires a
new view of risk analysis and management. The SEI tackles risk analysis
and management in distributed development at both the project and
organization levels, throughout the software development life cycle.

Protecting against risk introduced by complex software supply chains

Software development organizations are concerned about direct attacks
on a software supply chain to insert malicious code. However, it is
more likely that defects or vulnerabilities will be inadvertently
inserted during development. And, unfortunately, today's complex supply
chains tend to increase the risk of that occurring. The SEI offers
approaches to identify and mitigate risks due to complex software supply
chains.

Avoiding system integration risk

The integration phase is a major source of cost and risk in
software-reliant systems. Studies show that half of all defects in
software development are found in this phase, at the time when they are
more costly and time-consuming to address. While half of software
defects are found during integration, however, more than two-thirds are
introduced in the earliest development phases—that is, requirements and
design. The SEI offers approaches to find and address defects earlier in
the development life cycle.

Overcoming risks in software sustainment

Successful software sustainment consists of more than modifying and
updating source code to correct errors or add new system features. The
SEI offers methods, models, and guidance to manage all of the aspects
required to support, maintain, and operate the software aspects of a
system.